<?php
/********************************************************************/
/* Programmer: Scott Gildersleeve                 					*/
/*       Date: 2/1/2013                           					*/
/*  Page Name: login.php                           					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/* PHP Login System                               					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/*   Date        Reviser       Revision           					*/
/* --------     ---------     ----------          					*/
/* 2/4/13       S. Gilder     Integration with    					*/
/*                            FirstPage.html      					*/
/* 2/9/13       D. Widjaya    Change redirect page to main.php      */
/* 2/9/13       S. Gilder     Added avatar to session variable      */
/*                                                					*/
/********************************************************************/
   
   /* FUNCTIONS */
   require("functions.php");

   /* FALL THROUGH CODE */
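   // Login handler: when check_login() (functions.php) reports no established session,
   // look the submitted e-mail up in cs_authentication, compare the stored hash with the
   // hash of the submitted password, then redirect to main.php on success or back to
   // FirstPage.php with an error code (field=invEml / field=invPsd) on failure.
   if (!check_login())
   {
      session_start();

      /* VARIABLES */
      // Read the credentials without "@" suppression; a missing or non-string value
      // (e.g. UserName[]=x) is treated as an empty string instead of reaching md5()/bind_param().
      // NOTE(security): $_REQUEST also accepts query-string values, so a password can end up in
      // URLs and access logs. Restricting this to $_POST should be confirmed against the login form.
      $email    = (isset($_REQUEST['UserName']) && is_string($_REQUEST['UserName'])) ? $_REQUEST['UserName'] : "";
      $password = (isset($_REQUEST['Password']) && is_string($_REQUEST['Password'])) ? $_REQUEST['Password'] : "";

      // NOTE(security): database credentials are hard-coded in this source file. They should be
      // loaded from configuration kept outside the web root and version control, and rotated.
      $database = mysqli_connect('csweb.studentnet.int', 'cs414', 'pcc1234', 'cs414');
      if (!$database)
      {
         // Without this guard a failed connection causes a fatal error on prepare() below.
         header("HTTP/1.1 500 Internal Server Error");
         exit;
      }

      $stmt = $database->prepare("SELECT salt_hash, user_id, avatar FROM cs_authentication where email = ?;");
      if (!$stmt)
      {
         mysqli_close($database);
         header("HTTP/1.1 500 Internal Server Error");
         exit;
      }

      $fetchedPassword = null;
      $fetchedUserID   = null;
      $fetchedAvatar   = null;

      $stmt->bind_param("s", $email);
      $stmt->execute();
      $stmt->bind_result($fetchedPassword, $fetchedUserID, $fetchedAvatar);

      // fetch() returns true only when a row was read; null (no row) and false (error)
      // are both handled as "no such user", as before.
      $userFound = ($stmt->fetch() === true);

      // Release the statement and connection on every path, not only on success.
      $stmt->close();
      mysqli_close($database);

      // NOTE(security): the two distinct error codes below tell a caller whether an e-mail
      // address is registered. They are kept because FirstPage.php presumably reads them;
      // a single generic code would remove that signal.
      if (!$userFound)
      {
         header("Location: FirstPage.php?field=invEml");
         exit;
      }

      // NOTE(security): md5/sha1 chaining is a fast hash and no per-user salt is visible here.
      // The scheme is left unchanged because the stored salt_hash values depend on it; migrating
      // to password_hash()/password_verify() with a rehash at login is the recommended follow-up.
      $candidateHash = md5(sha1(md5(md5($password))));

      // hash_equals() (PHP >= 5.6) compares as strings in constant time. The former "==" could
      // treat two different digests of the form "0e<digits>" as equal numbers.
      if (!is_string($fetchedPassword) || !hash_equals($fetchedPassword, $candidateHash))
      {
         header("Location: FirstPage.php?field=invPsd");
         exit;
      }

      // Issue a fresh session id at the privilege change so an id planted before login
      // cannot be reused afterwards (session fixation).
      session_regenerate_id(true);

      $_SESSION['userid'] = $fetchedUserID;
      $_SESSION['avatar'] = $fetchedAvatar;
      // Also, you can grab whether the user is faculty or not here and store that in a session if
      // you don't want to constantly be checking against their email.
      // Basically, add any user information here that you will need to store in a session.
      // Get it up top where we're selecting and assign it here.

      header("Location: main.php");
      exit; // Stop after the redirect so nothing else runs or is emitted.
   }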
?>